5 * @subpackage SpecialPage
11 function wfSpecialUserlogin() {
12 global $wgCommandLineMode;
14 if( !$wgCommandLineMode && !isset( $_COOKIE[session_name()] ) ) {
18 $form = new LoginForm( $wgRequest );
25 * @subpackage SpecialPage
28 define("AuthSuccess", 0);
29 define("AuthNoName", 1);
30 define("AuthIllegal", 2);
31 define("AuthWrongPluginPass", 3);
32 define("AuthNotExists", 4);
33 define("AuthWrongPass", 5);
34 define("AuthEmptyPass", 6);
37 var $mName, $mPassword, $mRetype, $mReturnTo, $mCookieCheck, $mPosted;
38 var $mAction, $mCreateaccount, $mCreateaccountMail, $mMailmypassword;
39 var $mLoginattempt, $mRemember, $mEmail, $mDomain, $mLanguage;
43 * @param webrequest $request A webrequest object passed by reference
45 function LoginForm( &$request ) {
46 global $wgLang, $wgAllowRealName, $wgEnableEmail;
49 $this->mType
= $request->getText( 'type' );
50 $this->mName
= $request->getText( 'wpName' );
51 $this->mPassword
= $request->getText( 'wpPassword' );
52 $this->mRetype
= $request->getText( 'wpRetype' );
53 $this->mDomain
= $request->getText( 'wpDomain' );
54 $this->mReturnTo
= $request->getVal( 'returnto' );
55 $this->mCookieCheck
= $request->getVal( 'wpCookieCheck' );
56 $this->mPosted
= $request->wasPosted();
57 $this->mCreateaccount
= $request->getCheck( 'wpCreateaccount' );
58 $this->mCreateaccountMail
= $request->getCheck( 'wpCreateaccountMail' )
60 $this->mMailmypassword
= $request->getCheck( 'wpMailmypassword' )
62 $this->mLoginattempt
= $request->getCheck( 'wpLoginattempt' );
63 $this->mAction
= $request->getVal( 'action' );
64 $this->mRemember
= $request->getCheck( 'wpRemember' );
65 $this->mLanguage
= $request->getText( 'uselang' );
67 if( $wgEnableEmail ) {
68 $this->mEmail
= $request->getText( 'wpEmail' );
72 if( $wgAllowRealName ) {
73 $this->mRealName
= $request->getText( 'wpRealName' );
75 $this->mRealName
= '';
78 if( !$wgAuth->validDomain( $this->mDomain
) ) {
79 $this->mDomain
= 'invaliddomain';
81 $wgAuth->setDomain( $this->mDomain
);
83 # When switching accounts, it sucks to get automatically logged out
84 if( $this->mReturnTo
== $wgLang->specialPage( 'Userlogout' ) ) {
85 $this->mReturnTo
= '';
90 if ( !is_null( $this->mCookieCheck
) ) {
91 $this->onCookieRedirectCheck( $this->mCookieCheck
);
93 } else if( $this->mPosted
) {
94 if( $this->mCreateaccount
) {
95 return $this->addNewAccount();
96 } else if ( $this->mCreateaccountMail
) {
97 return $this->addNewAccountMailPassword();
98 } else if ( $this->mMailmypassword
) {
99 return $this->mailPassword();
100 } else if ( ( 'submitlogin' == $this->mAction
) ||
$this->mLoginattempt
) {
101 return $this->processLogin();
104 $this->mainLoginForm( '' );
110 function addNewAccountMailPassword() {
113 if ('' == $this->mEmail
) {
114 $this->mainLoginForm( wfMsg( 'noemail', htmlspecialchars( $this->mName
) ) );
118 $u = $this->addNewaccountInternal();
125 $result = $this->mailPasswordInternal($u);
127 wfRunHooks( 'AddNewAccount', array( $u ) );
129 $wgOut->setPageTitle( wfMsg( 'accmailtitle' ) );
130 $wgOut->setRobotpolicy( 'noindex,nofollow' );
131 $wgOut->setArticleRelated( false );
133 if( WikiError
::isError( $result ) ) {
134 $this->mainLoginForm( wfMsg( 'mailerror', $result->getMessage() ) );
136 $wgOut->addWikiText( wfMsg( 'accmailtext', $u->getName(), $u->getEmail() ) );
137 $wgOut->returnToMain( false );
146 function addNewAccount() {
147 global $wgUser, $wgEmailAuthentication;
149 # Create the account and abort if there's a problem doing so
150 $u = $this->addNewAccountInternal();
154 # If we showed up language selection links, and one was in use, be
155 # smart (and sensible) and save that language as the user's preference
156 global $wgLoginLanguageSelector;
157 if( $wgLoginLanguageSelector && $this->mLanguage
)
158 $u->setOption( 'language', $this->mLanguage
);
160 # Save user settings and send out an email authentication message if needed
162 if( $wgEmailAuthentication && User
::isValidEmailAddr( $u->getEmail() ) )
163 $u->sendConfirmationMail();
165 # If not logged in, assume the new account as the current one and set session cookies
166 # then show a "welcome" message or a "need cookies" message as needed
167 if( $wgUser->isAnon() ) {
169 $wgUser->setCookies();
170 wfRunHooks( 'AddNewAccount', array( $wgUser ) );
171 if( $this->hasSessionCookie() ) {
172 return $this->successfulLogin( wfMsg( 'welcomecreation', $wgUser->getName() ), false );
174 return $this->cookieRedirectCheck( 'new' );
177 # Confirm that the account was created
179 $skin = $wgUser->getSkin();
180 $self = Title
::makeTitle( NS_SPECIAL
, 'Userlogin' );
181 $wgOut->setPageTitle( wfMsgHtml( 'accountcreated' ) );
182 $wgOut->setArticleRelated( false );
183 $wgOut->setRobotPolicy( 'noindex,nofollow' );
184 $wgOut->addHtml( wfMsgWikiHtml( 'accountcreatedtext', $u->getName() ) );
185 $wgOut->returnToMain( $self->getPrefixedText() );
186 wfRunHooks( 'AddNewAccount', array( $u ) );
194 function addNewAccountInternal() {
195 global $wgUser, $wgOut;
196 global $wgEnableSorbs, $wgProxyWhitelist;
197 global $wgMemc, $wgAccountCreationThrottle, $wgDBname;
198 global $wgAuth, $wgMinimalPasswordLength, $wgReservedUsernames;
200 // If the user passes an invalid domain, something is fishy
201 if( !$wgAuth->validDomain( $this->mDomain
) ) {
202 $this->mainLoginForm( wfMsg( 'wrongpassword' ) );
206 // If we are not allowing users to login locally, we should
207 // be checking to see if the user is actually able to
208 // authenticate to the authentication server before they
209 // create an account (otherwise, they can create a local account
210 // and login as any domain user). We only need to check this for
211 // domains that aren't local.
212 if( 'local' != $this->mDomain
&& '' != $this->mDomain
) {
213 if( !$wgAuth->canCreateAccounts() && ( !$wgAuth->userExists( $this->mName
) ||
!$wgAuth->authenticate( $this->mName
, $this->mPassword
) ) ) {
214 $this->mainLoginForm( wfMsg( 'wrongpassword' ) );
219 if ( wfReadOnly() ) {
220 $wgOut->readOnlyPage();
224 if (!$wgUser->isAllowedToCreateAccount()) {
225 $this->userNotPrivilegedMessage();
230 if ( $wgEnableSorbs && !in_array( $ip, $wgProxyWhitelist ) &&
231 $wgUser->inSorbsBlacklist( $ip ) )
233 $this->mainLoginForm( wfMsg( 'sorbs_create_account_reason' ) . ' (' . htmlspecialchars( $ip ) . ')' );
237 $name = trim( $this->mName
);
238 $u = User
::newFromName( $name );
239 if ( is_null( $u ) ||
in_array( $u->getName(), $wgReservedUsernames ) ) {
240 $this->mainLoginForm( wfMsg( 'noname' ) );
244 if ( 0 != $u->idForName() ) {
245 $this->mainLoginForm( wfMsg( 'userexists' ) );
249 if ( 0 != strcmp( $this->mPassword
, $this->mRetype
) ) {
250 $this->mainLoginForm( wfMsg( 'badretype' ) );
254 if ( !$wgUser->isValidPassword( $this->mPassword
) ) {
255 $this->mainLoginForm( wfMsg( 'passwordtooshort', $wgMinimalPasswordLength ) );
259 if ( $wgAccountCreationThrottle ) {
260 $key = $wgDBname.':acctcreate:ip:'.$ip;
261 $value = $wgMemc->incr( $key );
263 $wgMemc->set( $key, 1, 86400 );
265 if ( $value > $wgAccountCreationThrottle ) {
266 $this->throttleHit( $wgAccountCreationThrottle );
272 if( !wfRunHooks( 'AbortNewAccount', array( $u, &$abortError ) ) ) {
273 // Hook point to add extra creation throttles and blocks
274 wfDebug( "LoginForm::addNewAccountInternal: a hook blocked creation\n" );
275 $this->mainLoginForm( $abortError );
279 if( !$wgAuth->addUser( $u, $this->mPassword
) ) {
280 $this->mainLoginForm( wfMsg( 'externaldberror' ) );
285 $ssUpdate = new SiteStatsUpdate( 0, 0, 0, 0, 1 );
286 $ssUpdate->doUpdate();
288 return $this->initUser( $u );
292 * Actually add a user to the database.
293 * Give it a User object that has been initialised with a name.
295 * @param $u User object.
296 * @return User object.
299 function &initUser( &$u ) {
301 $u->setPassword( $this->mPassword
);
302 $u->setEmail( $this->mEmail
);
303 $u->setRealName( $this->mRealName
);
307 $wgAuth->initUser( $u );
309 $u->setOption( 'rememberpassword', $this->mRemember ?
1 : 0 );
318 function authenticateUserData()
320 global $wgUser, $wgAuth, $wgReservedUsernames;
321 if ( '' == $this->mName
) {
324 $u = User
::newFromName( $this->mName
);
325 if( is_null( $u ) ||
in_array( $u->getName(), $wgReservedUsernames ) ) {
328 if ( 0 == $u->getID() ) {
331 * If the external authentication plugin allows it,
332 * automatically create a new account for users that
333 * are externally defined but have not yet logged in.
335 if ( $wgAuth->autoCreate() && $wgAuth->userExists( $u->getName() ) ) {
336 if ( $wgAuth->authenticate( $u->getName(), $this->mPassword
) ) {
337 $u =& $this->initUser( $u );
339 return AuthPluginPass
;
342 return AuthNotExists
;
345 $u->loadFromDatabase();
348 if (!$u->checkPassword( $this->mPassword
)) {
349 return '' == $this->mPassword ? AuthEmptyPass
: AuthWrongPass
;
353 $wgAuth->updateUser( $u );
359 function processLogin() {
360 global $wgUser, $wgAuth, $wgReservedUsernames;
362 switch ($this->authenticateUserData())
365 # We've verified now, update the real record
367 $wgUser->setOption( 'rememberpassword', $this->mRemember ?
1 : 0 );
368 $wgUser->setCookies();
369 $wgUser->saveSettings();
371 if( $this->hasSessionCookie() ) {
372 return $this->successfulLogin( wfMsg( 'loginsuccess', $wgUser->getName() ) );
374 return $this->cookieRedirectCheck( 'login' );
380 $this->mainLoginForm( wfMsg( 'noname' ) );
382 case (AuthWrongPluginPass
):
383 $this->mainLoginForm( wfMsg( 'wrongpassword' ) );
385 case (AuthNotExists
):
386 $this->mainLoginForm( wfMsg( 'nosuchuser', htmlspecialchars( $this->mName
) ) );
388 case (AuthWrongPass
):
389 $this->mainLoginForm( wfMsg( 'wrongpassword' ) );
391 case (AuthEmptyPass
):
392 $this->mainLoginForm( wfMsg( 'wrongpasswordempty' ) );
395 wfDebugDieBacktrace( "Unhandled case value" );
402 function mailPassword() {
403 global $wgUser, $wgOut;
405 # Check against the rate limiter
406 if( $wgUser->pingLimiter( 'mailpassword' ) ) {
407 $wgOut->rateLimited();
411 if ( '' == $this->mName
) {
412 $this->mainLoginForm( wfMsg( 'noname' ) );
415 $u = User
::newFromName( $this->mName
);
416 if( is_null( $u ) ) {
417 $this->mainLoginForm( wfMsg( 'noname' ) );
420 if ( 0 == $u->getID() ) {
421 $this->mainLoginForm( wfMsg( 'nosuchuser', $u->getName() ) );
425 $u->loadFromDatabase();
427 $result = $this->mailPasswordInternal( $u );
428 if( WikiError
::isError( $result ) ) {
429 $this->mainLoginForm( wfMsg( 'mailerror', $result->getMessage() ) );
431 $this->mainLoginForm( wfMsg( 'passwordsent', $u->getName() ), 'success' );
437 * @return mixed true on success, WikiError on failure
440 function mailPasswordInternal( $u ) {
441 global $wgCookiePath, $wgCookieDomain, $wgCookiePrefix, $wgCookieSecure;
442 global $wgServer, $wgScript;
444 if ( '' == $u->getEmail() ) {
445 return new WikiError( wfMsg( 'noemail', $u->getName() ) );
448 $np = $u->randomPassword();
449 $u->setNewpassword( $np );
451 setcookie( "{$wgCookiePrefix}Token", '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
456 if ( '' == $ip ) { $ip = '(Unknown)'; }
458 $m = wfMsg( 'passwordremindertext', $ip, $u->getName(), $np, $wgServer . $wgScript );
460 $result = $u->sendMail( wfMsg( 'passwordremindertitle' ), $m );
466 * @param string $msg Message that will be shown on success
467 * @param bool $auto Toggle auto-redirect to main page; default true
470 function successfulLogin( $msg, $auto = true ) {
474 # Run any hooks; ignore results
476 wfRunHooks('UserLoginComplete', array(&$wgUser));
478 $wgOut->setPageTitle( wfMsg( 'loginsuccesstitle' ) );
479 $wgOut->setRobotpolicy( 'noindex,nofollow' );
480 $wgOut->setArticleRelated( false );
481 $wgOut->addWikiText( $msg );
482 if ( !empty( $this->mReturnTo
) ) {
483 $wgOut->returnToMain( $auto, $this->mReturnTo
);
485 $wgOut->returnToMain( $auto );
490 function userNotPrivilegedMessage() {
493 $wgOut->setPageTitle( wfMsg( 'whitelistacctitle' ) );
494 $wgOut->setRobotpolicy( 'noindex,nofollow' );
495 $wgOut->setArticleRelated( false );
497 $wgOut->addWikiText( wfMsg( 'whitelistacctext' ) );
499 $wgOut->returnToMain( false );
503 function userBlockedMessage() {
506 # Let's be nice about this, it's likely that this feature will be used
507 # for blocking large numbers of innocent people, e.g. range blocks on
508 # schools. Don't blame it on the user. There's a small chance that it
509 # really is the user's fault, i.e. the username is blocked and they
510 # haven't bothered to log out before trying to create an account to
511 # evade it, but we'll leave that to their guilty conscience to figure
514 $wgOut->setPageTitle( wfMsg( 'cantcreateaccounttitle' ) );
515 $wgOut->setRobotpolicy( 'noindex,nofollow' );
516 $wgOut->setArticleRelated( false );
519 $wgOut->addWikiText( wfMsg( 'cantcreateaccounttext', $ip ) );
520 $wgOut->returnToMain( false );
526 function mainLoginForm( $msg, $msgtype = 'error' ) {
527 global $wgUser, $wgOut, $wgAllowRealName, $wgEnableEmail;
528 global $wgCookiePrefix, $wgAuth, $wgLoginLanguageSelector;
530 if ( $this->mType
== 'signup' ) {
531 if ( !$wgUser->isAllowed( 'createaccount' ) ) {
532 $this->userNotPrivilegedMessage();
534 } elseif ( $wgUser->isBlockedFromCreateAccount() ) {
535 $this->userBlockedMessage();
540 if ( '' == $this->mName
) {
541 if ( $wgUser->isLoggedIn() ) {
542 $this->mName
= $wgUser->getName();
544 $this->mName
= @$_COOKIE[$wgCookiePrefix.'UserName'];
548 $titleObj = Title
::makeTitle( NS_SPECIAL
, 'Userlogin' );
550 if ( $this->mType
== 'signup' ) {
551 $template = new UsercreateTemplate();
552 $q = 'action=submitlogin&type=signup';
553 $linkq = 'type=login';
554 $linkmsg = 'gotaccount';
556 $template = new UserloginTemplate();
557 $q = 'action=submitlogin&type=login';
558 $linkq = 'type=signup';
559 $linkmsg = 'nologin';
562 if ( !empty( $this->mReturnTo
) ) {
563 $returnto = '&returnto=' . wfUrlencode( $this->mReturnTo
);
568 # Pass any language selection on to the mode switch link
569 if( $wgLoginLanguageSelector && $this->mLanguage
)
570 $linkq .= '&uselang=' . $this->mLanguage
;
572 $link = '<a href="' . htmlspecialchars ( $titleObj->getLocalUrl( $linkq ) ) . '">';
573 $link .= wfMsgHtml( $linkmsg . 'link' );
576 # Don't show a "create account" link if the user can't
577 if( $this->showCreateOrLoginLink( $wgUser ) )
578 $template->set( 'link', wfMsgHtml( $linkmsg, $link ) );
580 $template->set( 'link', '' );
582 $template->set( 'header', '' );
583 $template->set( 'name', $this->mName
);
584 $template->set( 'password', $this->mPassword
);
585 $template->set( 'retype', $this->mRetype
);
586 $template->set( 'email', $this->mEmail
);
587 $template->set( 'realname', $this->mRealName
);
588 $template->set( 'domain', $this->mDomain
);
590 $template->set( 'action', $titleObj->getLocalUrl( $q ) );
591 $template->set( 'message', $msg );
592 $template->set( 'messagetype', $msgtype );
593 $template->set( 'createemail', $wgEnableEmail && $wgUser->isLoggedIn() );
594 $template->set( 'userealname', $wgAllowRealName );
595 $template->set( 'useemail', $wgEnableEmail );
596 $template->set( 'remember', $wgUser->getOption( 'rememberpassword' ) or $this->mRemember
);
598 # Prepare language selection links as needed
599 if( $wgLoginLanguageSelector ) {
600 $template->set( 'languages', $this->makeLanguageSelector() );
601 if( $this->mLanguage
)
602 $template->set( 'uselang', $this->mLanguage
);
605 // Give authentication and captcha plugins a chance to modify the form
606 $wgAuth->modifyUITemplate( $template );
607 if ( $this->mType
== 'signup' ) {
608 wfRunHooks( 'UserCreateForm', array( &$template ) );
610 wfRunHooks( 'UserLoginForm', array( &$template ) );
613 $wgOut->setPageTitle( wfMsg( 'userlogin' ) );
614 $wgOut->setRobotpolicy( 'noindex,nofollow' );
615 $wgOut->setArticleRelated( false );
616 $wgOut->addTemplate( $template );
622 function showCreateOrLoginLink( &$user ) {
623 if( $this->mType
== 'signup' ) {
625 } elseif( $user->isAllowed( 'createaccount' ) ) {
635 function hasSessionCookie() {
636 global $wgDisableCookieCheck;
637 return ( $wgDisableCookieCheck ) ?
true : ( isset( $_COOKIE[session_name()] ) );
643 function cookieRedirectCheck( $type ) {
646 $titleObj = Title
::makeTitle( NS_SPECIAL
, 'Userlogin' );
647 $check = $titleObj->getFullURL( 'wpCookieCheck='.$type );
649 return $wgOut->redirect( $check );
655 function onCookieRedirectCheck( $type ) {
658 if ( !$this->hasSessionCookie() ) {
659 if ( $type == 'new' ) {
660 return $this->mainLoginForm( wfMsg( 'nocookiesnew' ) );
661 } else if ( $type == 'login' ) {
662 return $this->mainLoginForm( wfMsg( 'nocookieslogin' ) );
665 return $this->mainLoginForm( wfMsg( 'error' ) );
668 return $this->successfulLogin( wfMsg( 'loginsuccess', $wgUser->getName() ) );
675 function throttleHit( $limit ) {
678 $wgOut->addWikiText( wfMsg( 'acct_creation_throttle_hit', $limit ) );
682 * Produce a bar of links which allow the user to select another language
683 * during login/registration but retain "returnto"
687 function makeLanguageSelector() {
688 $msg = wfMsgForContent( 'loginlanguagelinks' );
689 if( $msg != '' && $msg != '<loginlanguagelinks>' ) {
690 $langs = explode( "\n", $msg );
692 foreach( $langs as $lang ) {
693 $lang = trim( $lang, '* ' );
694 $parts = explode( '|', $lang );
695 $links[] = $this->makeLanguageSelectorLink( $parts[0], $parts[1] );
697 return count( $links ) > 0 ?
wfMsgHtml( 'loginlanguagelabel', implode( ' | ', $links ) ) : '';
704 * Create a language selector link for a particular language
705 * Links back to this page preserving type and returnto
707 * @param $text Link text
708 * @param $lang Language code
710 function makeLanguageSelectorLink( $text, $lang ) {
712 $self = Title
::makeTitle( NS_SPECIAL
, 'Userlogin' );
713 $attr[] = 'uselang=' . $lang;
714 if( $this->mType
== 'signup' )
715 $attr[] = 'type=signup';
716 if( $this->mReturnTo
)
717 $attr[] = 'returnto=' . $this->mReturnTo
;
718 $skin =& $wgUser->getSkin();
719 return $skin->makeKnownLinkObj( $self, htmlspecialchars( $text ), implode( '&', $attr ) );